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Amendment to the Claims : 
This listing of claims replaces all prior versions; and 
listings, of claims in the application: 

1. (Currently Amended) A method comprising providing a 
capability to perform operations on a computer system, the 
operations comprising: 

searching an entry associated with a network component in 
an aggregated data set to identify one or more pointers to a 
deployment policy tree and a pointer to a configuration tree^_ 
the deployment policy tree hierarchically associating policies 
with a plurality of network components including the network 
component , the configuration tree hierarchically defining a 
plurality of deployed network components including the network 
components ; 

based on the identified one or more pointers to the 
deployment policy tree, searching the deployment policy tree to 
identify one or more policies directly associated with the 
network component and to identify one or more policies directly 
associated with the groiip; 

based on the identified pointer to the network 
configuration tree, searching the configuration tree to identify 
a parent node corresponding to a group to which the network 
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component belongs to generate a list of one or more groups to 
which the network component belongs. 

2. (Original) The method of claim 1 in which the network 
component comprises one or more of the following: a network 
device, a device group, a device subgroup, a user, a group of 
users, an application, a group of applications, an end-host, a 
group of end-hosts, and one or more time conditions* 

3. (Original) The method of claim 2 in which at least one 
of the identified policies associated with the network component 
is currently deployed. 

4. (Original) The method of claim 2 in which at least one 
of the identified policies associated with the network component 
is currently undeployed. 

5-6 * (Canceled) 

7. (Previously Presented) The method of claim 1 further 
comprising recursively searching the aggregated data set and the 
configuration tree until a non-group node is encountered in the 
configuration tree. 

8. (Original) The method of claim 7 in which the recursive 
searching generates a group chain list. 
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9 . (Canceled) . 

10. (Previously Presented) The method of claim 1 in which 
one or more of the operations is performed at least in part 
using the aggregated da~a set. 

11-12. (canceled). 

13. (Previously Presented) The method of claim 1 in which 
the aggregated data set comprises a plurality of entries, each 
entry corresponding to a network component and including a 
network component identifier, one or more pointers to a 
deployment policy tree, and a pointer to a network configuration 
tree . 

14. (Original) The method of claim 1 in which providing a 
capability to perform operations on a computer system comprises 
providing at a network management policy decision point a policy 
based network management software application capable of 
performing the operations. 

15. (Currently amended) An article comprising: 

a storage medium having a plurality of machine readable 
instructions, wherein execution of the instructions causes a 
machine to perform operations comprising: 
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search an entry associated with a network component in an 
aggregated data set to identify one or more pointers to a 
deployment policy tree and a pointer to a configuration tree^ 
the deployment policy tree hierarchically associating policies 
with a plurality of network components includ ing the network 
component, the conf icjuration tree hiera rchically defining a 
plurality of deployed network components in cluding the network 
components ; 

based on the identified one or more pointers to the 
deployment policy tree, search the deployment policy tree to 
identify one or more policies directly associated with the 
network component and to identify one or more policies directly 
associated with the group; and 

based on the identified pointer to the network 
configuration tree, search the configuration tree to identify a 
parent node cor re ©ponding to a group to which the network 
component belongs to generate a list of one or more groups to 
which the network component belongs . 



16. (Original) The article of claim IS in which the network 
component comprises one or more of the following: a network 
device, a device group, a device subgroup, a user, a group of 
users, an application, a group of applications, an end-host, a 
group of end-hosts, and one or more time conditions, 
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17-18 . (Canceled) . 

19. (Previously Presented) The article of claim 15 further 
comprising instructions to recursively search the aggregated 
data set and the configuration tree until a non-group node is 
encountered in the configuration tree. 

20. (Original) The article of claim 19 in which the 
recursive searching generates a group chain list. 

21 ♦ (Canceled) . 

22. (Previously Presented) The article of claim 15 in which 
one or more of the operations is performed at least in part 
using the aggregated data set. 

23, (Previously Presented) The article of claim 15 in which 
the aggregated data set comprises a hash table or a red-black 
tree. 

24- (Previously Presented) The article of claim 15 in which 
the aggregated data set comprises a plurality of entries, each 
entry corresponding to a network component and including a 
network component identifier, one or more pointers to a 
deployment policy tree, and a pointer to a network configuration 
tree . 
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25. (Currently Amended) A policy based network management 
(PBNM) system comprising: 

a network configuration tree configured to store a 
hierarchical, tree representation of a network configuration, the 
tree representation being formed of a plurality of nodes, each 
node corresponding to a network component ; 

a deployed policy tree configured to store a hierarchical 
tree representation of policies associated with network 
components ; 

an aggregated data set configured to store a plurality of 
data elements including one or more identity elements, one or 
more pointers to the deployed policy tree, and one or more 
pointers to the network configuration tree, each identity 
element identifying a network component and having an associated 
network configuration tree pointer and one or more associated 
deployed policy tree pointers; and 

one or more software components configured to identify one 
or more policies associated with a network component; generate a 
list of one or more groups to which the network component 
belongs; and identify one or more policies associated with each 
of the groups in the generated list. 

26. (Original) The system of claim 25 in which the network 
component comprises one or more of the following: a network 

7 

PAGE 9/17 * RCVD AT 12/19/2005 8:21:07 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-6/32 1 DNIS:2738300 * CSIDil 858 678 5099 * DURATION (mm-ss):05-10 



12/19/2005 17:25 FAX 1 858 678 5099 



FISH AND RICHARDSON 



©010/017 



Attorney's Docket No . : 10559-503001/P11795 

device, a device group, a device subgroup, a user, a group of 
users, an application, a group of applications, an end-host , a 
group of end-hosts, and one or more time conditions, 

27. (Original) The system of claim 25 in which the one or 
more software components configured to identify one or more 
policies associated with the network component are configured to 
perform the following: 

search an entry associated with the network component in 
the aggregated data set to identify the network component's one 
or more associated deployed policy tree pointers; and 

based on the identified one or more deployed policy tree 
pointers, search the deployment policy tree to identify one or 
more policies directly associated with the network component. 

28- (Original) The system of claim 25 in which the one or 
more software components configured to generate the list of one 
or more groups to which the network component belongs are 
configured to perform the following: 

search an entry associated with the network component in 
the aggregated data set to identify the network component's 
associated network configuration tree pointer; and 
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based on the identified network configuration tree pointer, 
search the network configuration tree to identify a parent node 
corresponding to a group to which the network component belongs. 

29. (Original) The system of claim 28 in which the one or 
more software components recursively search the aggregated data 
set and the network configuration tree until a non-group node is 
encountered in the configuration tree. 

30. (Original) The system of claim 25 in which the one or 
more software components configured to identify one or more 
policies associated with each of the groups in the generated 
list are configured to perform the following for each group in 
the list: 

search an entry associated with the group in the aggregated 
data set to identify the group's one or more associated deployed 
policy tree pointers; and 

based on the identified one or more deployed policy tree 
pointers f search the deployed policy tree to identify one or 
more policies directly associated with the group. 

31-32. (Canceled) . 

33. (Currently amended) A method comprising providing a 
capability to perform operations on a computer system, the 
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operations comprising : 

receiving a request to identify one or more policies 
associated with a specified subject ; 

identifying one or more policies directly associated with 
the specified subject by: 

searching an entry associated with the specified 
subject in an aggregated data set to identify one or more first 
pointers to a deployment policy tree ^ the deployme nt policy tree 
hierarchically associating policies with a plurali ty of network 
components including the _network component ; and 

based on the identified one or more first deployment 
policy tree pointers, searching the deployment policy tree to 
identify one or more policies directly associated with the 
specified subject; 

generating a list of one or more groups to which the 
specified subject belongs by: 

searching an entry associated with the specified 
subject in the aggregated data set to identify a pointer to a 
configuration tree , the configuration tree hi erarchically 
defining a plurality of deployed network components including 
the network components ; and 

based on the identified configuration tree pointer, 
searching the configuration tree to identify a parent node 
corresponding to a group to which the specified subject belongs ; 
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and 

identifying one or more policies associated with each of 
the groups in the generated list by: 

searching an entry associated with the group in the 
aggregated data set to identify one or more second pointers to a 
deployment policy tree; and 

based on the identified one or more second deployment 
policy tree pointers, searching the deployment policy tree to 
identify one or more policies directly associated with the 
group - 

34. (Original) The method of claim 33 in which the 
specified subject comprises one or more of the following: a 
network device, a device group, a device subgroup, a user, a 
group of users, an application, a group of applications, an end- 
host, a group of end-hosts, and one or more time conditions. 

35-36. (Canceled) , 

37. (Previously Presented) The method of claim 33 further 
comprising recursively searching the aggregated data set and the 
configuration tree until a non-group node is encountered in the 
configuration tree. 
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38 . (Canceled) . 

39. (Original) The method of claim 33 in which providing a 
capability to perform operations on a computer system comprises 
providing at a network management policy decision point a policy 
based network management software application capable of 
performing the operations. 
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